SHAKEN AND STIRRED - Cdn.neustar
SHAKEN AND STIRRED Are You Ready for the CRTC’s November Deadline? Ken Politz Thomas Rumball Marcel Champagne Principal Product Specialist Neustar Director Network Architecture Bell Canada Senior Director Canadian Telecom Industry Liaison Neustar October 12, 2021 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited
WEBINAR AGENDA Today we will: Review nuisance call trends in Canada Regulatory actions to date Explain STIR/SHAKEN Lesson learned – Bell Canada Checklist Neustar’s solution Road ahead Q&A 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 2
POLL QUESTION - #1 What hurdles have you encountered when implementing STIR/SHAKEN? SELECT ALL THAT APPLY A. Understanding changing regulations B. Network readiness – My equipment or uplink TSP C. Cost – Support for network upgrades D. Testing – Own network limitations and interoperability validation 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 3
NEUSTAR OVERVIEW 20 years of success in Canadian Telecommunications industry Canadian Number Portability Administration Centre (NPAC) solution provider since 1998 Currently provide commercial services to over 65 Canadian customers Employs 1,600 in 8 countries, including Canada Provide services in every country & territory across the globe Co-author of STIR standards and early contributor to SHAKEN framework Leading supplier of STIR/SHAKEN and related solutions Ongoing leadership role in defining industry standards with ATIS, IETF and NTWG 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 4
MARKET TRENDS #1 Contact method for fraudsters 2X as many nuisance calls 40% Nuisance calls are the number #1 contact method for fraudsters -The Centre, in partnership with the Royal Canadian Mounted Police Nuisance Calls nearly doubled in the first seven months of 2020 from last year - Canadian Anti-Fraud Centre Of unwanted calls involve Caller ID spoofing - CRTC 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 5
REACTION FROM REGULATOR Dec 2019 CRTC establishes Canadian Secure Token Governance Authority CST-GA IMPACT Kickstart industry-wide adoption of STIR/SHAKEN policies, protocols, and operating procedures to mitigate illegal spoofing and nuisance calls TSPs should implement STIR/SHAKEN Sept 2020 CRTC extends STIR/SHAKEN deadline until June 2021 IMPACT Extends deadline due to several factors, including reallocation of resources due to COVID April 2021 CRTC clarifies stance to mandate STIR/SHAKEN and extends deadline again IMPACT Directs STIR/SHAKEN implementation by 30 November 2021 Requires TSPs to submit Readiness Assessment Reports by 31 August 2021 August 2021 CRTC rules on Mitel application requesting CST-GA to allow all TSPs to participate in Canadian STIR/SHAKEN ecosystem IMPACT Determines that direct access to numbering resources eligibility requirement is neither necessary nor appropriate Expects CST-GA to create, with currently ineligible TSPs and within 60 days of the date of this decision (5 August 2021), eligibility requirements that reflect their decision CRTC (and FCC) see eradicating nuisance calls and illegitimate caller ID spoofing as top priority! 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 6
WHAT HAVE WE LEARNED ALONG THE WAY? STIR SHAKEN DRIVING PRINCIPLES Customer Experience Regulatory Compliance DELIVERY Delivering what we can where we can BOUGHT vs build LESSONS Carefully test older SIP Stacks Issue resolution clearly separates PARTNERS from vendors. 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 77
WHAT IS STIR / SHAKEN? STIR: Secure Telephony Identity Revisited SHAKEN: Secure Handling of Asserted information using toKENs STIR / SHAKEN are the technology standards which enable TSPs to attest and digitally sign phone calls to help prevent illegitimate spoofing. Neustar is co-author of STIR, an ongoing contributor to the SHAKEN framework, active contributor and participant in NTWG and exclusively hosts the industry testbed for STIR/SHAKEN implementations 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 8
STIR/SHAKEN: ATTEST TO CALLER ID AND SECURELY SIGNAL TERMINATING TSP *SPOOF CALL* 416-555-4321 416-555-4321 Reference: ATIS-1000074 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 9
SHAKEN FRAMEWORK (IN CANADA) Governance/Policy CRTC STI-PA CRTC: Canadian Radio-television and Telecommunications Commission CST-GA: Canadian Secure Token - Governance Authority STI-PA: STI-Policy Administrator STI-CA: STI-Certification Authority STI-CR: STI-Certificate Repository Key Management SP-KMS: Service Provider-Key Management Server STI-CR: STI-Certificate Repository (optional) SKS: Secure Key Store Call Management STI-AS: STI-Authentication Service STI-VS: STI-Verification Service SPC Token Validations Service Provider Code Token Requests SKS Private Key(s) SP-KMS STI-CA STI-CR External STI-VS Requests STI Certificate Requests STI Certificate(s) STI-CR Optional) Private Key(s) STI-VS STI-AS List of Trusted STI-CAs Component of Neustar’s “Certified Caller” STIR/SHAKEN solution 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 10
CURRENT CST-GA ELIGIBILITY REQUIREMENTS FOR TSPs 1. Be a registered Local Exchange Carrier (LEC) or Wireless Service Provider (WSP) in good standing with the CRTC 2. Be eligible to acquire Canadian Telephone Numbers directly from the Canadian Numbering Administrator (CNA) 3. Submit Network Access Services and Mobile Subscribers data to Canadian Secure Token Governance Authority (CST-GA) 4. Become a shareholder of the CST-GA: Refer to www.cstga.ca for further details and most current information 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 11
ANTICIPATED CST-GA ELIGIBILITY REQUIREMENT CHANGES As directed by the CRTC, the CST-GA has completed an Industry Consultation: Produced report outlining consensus recommendations on criteria for TSPs, who are not eligible to become CST-GA shareholders, to directly participate in the Canadian STIR/SHAKEN ecosystem Any resulting operational and governance matters will be addressed later by CST-GA shareholders Recommendations on criteria relating to a TSP's identity, reputation and technical compliance are defined in the report Once the report is approved by the CST-GA Board, it was also recommended that the CST-GA: Amend its SPC Token Policy to reflect the new criteria Develop and implement an application and onboarding process for this new category of TSP applicant Send report to the CRTC A follow-on meeting, to discuss implementation of the recommendations, is currently scheduled for 22 October 2021 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 12
CST-GA MEMBERSHIP CONTINUES TO GROWING – NOW 37 MEMBERS Members As of October 2021 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 13
REGISTERING AND REQUESTING A STI (SIGNING) CERTIFICATE 1. Register with the Canadian Policy Administrator To take part in the Canadian STIR/SHAKEN ecosystem, TSPs, as qualified by CST-GA, must register with the Canadian STI-PA. TSPs will then successfully execute a test plan in the User Acceptance Test (UAT) environment before being granted access to the Production environment. The Canadian STI-PA is Neustar. 2. Select a Canadian Certification Authority TSPs next select the STI-CA they will work with to request a STI Certificate. A generated “fingerprint” is used to request an SPC Token, as well as to later validate a request for a STI Certificate. The current Canadian STI-CA is Neustar. 3. Obtain a Service Provider Code Token TSPs then request an SPC Token from the STI-PA for one of its assigned Operating Company Numbers (OCNs). The SPC Token includes this OCN, as well as the generated “fingerprint”, and is used to finally request a STI Certificate. Note that this OCN is an identifier for the TSP and not meant to define any particular numbering scope of authority. 4. Request a STI Certificate To enable end-to-end SHAKEN authentication, a TSP must obtain a STI Certificate from their selected STI-CA. To request a STI Certificate, the TSP sends a Certificate Signing Request (CSR) to the STI-CA, along with its associated SPC Token. References: ATIS-1000080 and ATIS-1000084 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 14
TESTING AND IMPLEMENTATION 5. Implement STIR/SHAKEN software Deploy all necessary components that perform functions associated with the STIR/SHAKEN framework (STI-AS, STI-VS, SP-KMS, SKS and optional STI-CR). 6. Perform Functional Testing It is important that TSPs test calls in a lab environment before deploying in a live network. Internal testing provides an opportunity to ensure hardware and software are configured properly to avoid wasting resources and causing service disruptions. 7. End-to-End Testing To begin testing between networks, TSPs should start by focusing on calls that originate and terminate within their own network to validate that authentication and verification functionality is working as expected. Next, they can expand to testing calls with other TSPs. Note: If you are a Neustar Certified Caller customer, you can leverage our comprehensive STIR/SHAKEN test plan, integration tools and hosted User Acceptance Test (UAT) environment in Canada. For non-Neustar Certified Caller customers, the ATIS Robocalling Testbed is an industry SHAKEN interoperability test facility that Neustar exclusively hosts for qualified TSPs and vendors. 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 15
OPERATIONAL SUPPORT AND TRAINING 8. Operational Support & Training To deliver any new capability at scale, a participating TSP needs to transition network management activities from Engineering to Operations and update systems and processes. Customer education will also be imperative, so they understand how to interpret any new messages and alerts appearing on their device(s). 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 16
1 December 2021? 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 1717
“WE’VE ONLY JUST BEGUN” 1. Published and pending new industry standards: New PASSporT types (especially “div” and “rcd”) Changes from operational experience 2. Cross-border (U.S. and Canada) SHAKEN (and beyond) 3. Support for ineligible SHAKEN entities (e.g., resellers, enterprises) 4. Legacy network support, including PSTN interconnections 5. Call treatment (including blocking/safe harbors, subscriber device display for nuisance and/or fraudulent calls, calling/called party notifications, reporting requirements and data retention) Reference: NTWG STIR/SHAKEN Guidelines 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 18
1. DIVERSION: “div” Diversion includes but is not limited to call forwarding and call transfer scenarios Common to see call forwarding implemented within the SHAKEN ecosystem in at least two ways due to different standards bodies and equipment vendor implementations Inevitably, there will be some period of “partial” support within the SHAKEN ecosystem Reference: ATIS-1000085 and NTWG STIR/SHAKEN Guidelines 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 19
1. RICH CALL DATA: “rcd” SHAKEN framework extension for authentication of calling party name and other caller identity information displayed to the called party, typically in the form of a string Also supports enhanced calling party data such as name, address, photos, logos, and other information Two implementation options: separate PASSporT or additional claims within the “shaken” PASSporT Of near-term interest in Canada is more the latter, specifically for originating Caller Name (CNAM): Protected Header { "alg":"ES256", "typ":"passport", "ppt"”:"shaken", "x5u":"https://biloxi.example.org/biloxi.cer" } Payload { "attest":"A" "dest":{"tn":["12155551213"]}, "iat":1607000294, "orig":{"tn":"12155551212"}, "origid":"123e4567-e89b-12d3-a456426655440000", "rcd":{"nam":"Dentist Office"} } Reference: ATIS-1000094 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 20
2. HOW ARE NUISANCE CALLS ADDRESSED AROUND THE WORLD? STIR/SHAKEN mandated in both countries Likely more of a question of WHEN, not IF, we will see authenticated calls across North America References: ATIS-1000087 and ATIS-1000091 Most nuisance calls per capita Brazilian National Telecommunications Agency (Anatel) asked Telecommunication operators to help address the nuisance call problem Established Do Not Disturb Registry 1999: Launched TPS Do Not Call Registry 2013: Ofcom launches plan to prevent nuisance calls 2021: Ofcom and NICC exploring STIR implementation framework for late 2021 IP network upgrades required by 2025 2020 Passed law imposing harsher penalties for those caught cold calling people living in France who are signed up to Bloctel, an anti-cold-calling list Australian Communications and Media Authority (ACMA) formed a committee including consumer organizations, telecommunication operators and government to address nuisance calls 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 21
3. THE ATTESTATION “GAP” FOR ENTERPRISES CHALLENGE: An enterprise call to the same consumer, using the same originating number, can have different treatment results! WHY? Attestation level is determined by combination of a) b) Which Telephone Number Service Provider (TNSP) is the source of the assigned TN Which TSP originates the call TSP #1 Enterprise PBX / SBC, BPO, Call Center STI-AS VoIP Network Unsigned TSP #2 TN - 416-123-5678 STI-AS Enterprise uses a TN assigned from TSP #1 to call a customer TNSP #1 TSP #1 A attestation TNSP #1 TSP #2 B attestation TSP #2 signs with ”B” and sends with SHAKEN PASSporT Same consumer, same originating number, potentially different experience? References: ATIS-1000089, ATIS-1000092 and ATIS-1000093 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 22
4. ACHIEVING END TO END VoIP REMAINS A CHALLENGE Rural and small carriers face financial hurdles to upgrade networks to 100% SIP Majority of TSP interconnects are TDM-based Optional Neustar Certified Caller feature References: ATIS-1000095, ATIS-1000096 and ATIS-1000097 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 23
POLL QUESTION - #2 Are you implementing a nuisance call blocking program? A. Already deployed B. Considering C. Vendor selection D. Not at this time 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 24
NEUSTAR CERTIFIED CALLER 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 25
NEUSTAR CERTIFIED CALLER AND CRTC MANDATE COMPLIANCE FEATURES AND GENERAL CRTC STI-PA SPC Token Validations Service Provider Code Token Requests SKS Private Key(s) Private Key(s) SP-KMS STI-CA Access to complete, extensible microservices suite (for hosted service, through Amazon Web Services exclusively in Canada) Web Portal access for configuration & management of software suite, as well as analytics dashboard & extensive reporting 24 X 7 Support through experienced support team Network-agnostic (e.g., flexible APIs, including SIP) Established market leader of STIR/SHAKEN software solutions (billions of calls being authenticated each month) Neustar also supplier & operator of Canadian governance and certificate management infrastructure since September 2020 Confidence in Neustar’s industry standards leadership No hidden costs for related standards changes, published roadmap enhancements and bug fixes Observed deployments in as little as one month STI-CR External STI-VS Verification Requests STI Public Key Certificate Requests STI Public Key Certificate(s) STI-CR Optional) NEUSTAR CERTIFIED CALLER STI-VS STI-AS List of Valid STI-CAs 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 26
NEUSTAR’S TRUSTED CALL SOLUTION SUITE FOR TSPs Neustar Policy Manager: Set originating and terminating call policies and preferences via a single interface. Single Login I Secure Access I Cloud-Based I Wireless and Wireline NEUSTAR’S TRUSTED CALL PLATFORM Neustar Policy Manager REGULATORY COMPLIANCE CERTIFIED CALLER ENTERPRISE CALL EXPERIENCE SUBSCRIBER CALL EXPERIENCE CALLER NAME OPTIMIZATON ENHANCED CALLER NAME (CNAM) ATTESTATION ELEVATION BRANDED CALL (RCD) DISPLAY SKS, SP-KMS, STI-AS, STI-VS, STI-CR ROBOCALL MITIGATION Nuisance Call Validation Treatment (CVT) CERTIFICATE MANAGER STI-CA TSP VETTING SERVICES 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 27
PERSPECTIVE – It’s not just about authenticating calls Deliver identity & context to give subscribers control over their phone experience. Restore trust in phone calls. Protect consumers. Improve customer engagement. Neustar’s comprehensive Trusted Call Solutions suite, including Certified Caller, helps deliver this perspective. 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 28
RECAP 1. Note key CRTC date: 30 November – STIR/SHAKEN Implementation 2. Review the eligibility requirements 3. Complete the checklist 2021 Neustar Inc. Confidential and Proprietary - External Distribution is prohibited 29
For follow up questions: Rob Khoury Director of Strategic Accounts rob.khoury@team.neustar 416-917-2204
STI-AS STI-VS SKS STI Certificate Requests Private Key(s) Private Key(s) List of Trusted STI-CAs Service Provider Code Token Requests CRTC: Canadian Radio-television and Telecommunications Commission CST -GA: Canadian Secure Token Governance Authority STI-PA: STI-Policy Administrator STI-CA: STI-Certification Authority STI-CR: STI-Certificate .
Neustar Ultra Services and UltraCare are Neustar’s trademarks and any use of these or any other Neustar mark without Neustar’s express written consent is prohibited. All other trademarks and/or service marks identified or ref
Report Center Getting Started Guide Version 3.0 . Neustar, Inc. Abstract . This document introduces the Neustar UltraDNS Managed Services Report Center and its extensive reporting capabilities that: Identif
Neustar AdAdvisor Audiences Reference Guide www.neustar.biz Reference Guide Key 1 Number of offline US households associated with the audience and reach by platform Index or likelihood of an audience to exhibit a particular behavior as compared to
SHAKEN “PASSporT” Verification of SHAKEN “PASSporT” The essence of SHAKEN is: 1. Originating service provider creates digital signature based on what it knows about the call origination: A. The customer and their right to use the number, or B. The customer (but not the number), or C. The point it enters their network 2.
Shaken Baby Association, Inc. www.shakenbaby.net 414-339-3208 HEAD MOVEMENT DURING SHAKING Shaken Baby Association, Inc. TEACHER: These photos of a doll show how an infant’s head moves when violently shaken
Single-use bags for the orbital shaken bioreactor (OSB) The design of the orbital shaken bioreactors is to keep the mixing hydrodynamics from the µl stage to scales as large as 2500L. Due to the simplicity of the technology, the speed of scale-up is fast with a lower cost of implementation compared to stirred systems.
Nov 12, 2016 · November 12th 2016 SPECIAL REPORT ESPIONAGE Shaken and stirred 20161012_
The present resource book is designed as a supplement to Peter Roach’s (2010) textbook English Phonetics and Phonology: A Practical Course and may be used to accompany lecture courses on English Phonetics at university level. It is equally suitable for self‐study and for in‐class situation
